Paranoid: Open-Source Iterative Threat Modeling for AppSec Teams That Are Outnumbered

Astitva Verma

Lead Security Engineer @ OutSystems

Arsenal Overview

Threat modeling often breaks down at scale. In many organizations, a small AppSec team is expected to support hundreds of developers, so most systems get either a rushed model or none at all. The result is predictable: security issues surface late, AppSec loses visibility, and review becomes a bottleneck instead of a safeguard.

In this talk, I’ll show Paranoid, an open-source, self-hosted tool I built to accelerate that first draft without removing the reviewer from the loop. It accepts a text description, diagram, or repository and produces a draft threat model using an iterative LLM pipeline backed by a deterministic pattern engine. It supports STRIDE and MAESTRO, exports to common formats including SARIF, and can run fully air-gapped with Ollama.

I’ll show the engineering choices that made this workable for a real AppSec team: deterministic fallback for known threats, gap analysis between passes, editable trust boundaries and data flows before threat generation, output deduplication, and a built-in approval workflow so nothing ships as an accepted threat model without human review. Attendees will leave with a practical architecture, an honest account of its failure modes, and a clearer sense of where automation belongs in threat modeling and where it does not.
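The deterministic side of the pipeline described above, as an added illustration written for this page rather than Paranoid's own code: a small STRIDE pattern pass over data flows, deduplicated per rule and edge, exported as SARIF with a draft status for the human approval step. The flow fields, rule ids and tool name are assumptions, not Paranoid's catalogue.

```python
import json

# Constructed sample input: data flows between components of a toy web app.
# A flow crossing a trust boundary is where the deterministic rules fire.
FLOWS = [
    {"src": "browser", "dst": "api", "crosses_boundary": True, "authenticated": False, "encrypted": False},
    {"src": "api", "dst": "db", "crosses_boundary": True, "authenticated": True, "encrypted": True},
    {"src": "api", "dst": "cache", "crosses_boundary": False, "authenticated": False, "encrypted": False},
    {"src": "browser", "dst": "api", "crosses_boundary": True, "authenticated": False, "encrypted": False},
]

# Rule ids and rule set are illustrative, not Paranoid's pattern catalogue.
# Each rule: (STRIDE category, rule id, predicate over a flow, finding text).
RULES = [
    ("Spoofing", "PAT-S-001", lambda f: f["crosses_boundary"] and not f["authenticated"],
     "unauthenticated flow crosses a trust boundary; caller identity cannot be trusted"),
    ("Tampering", "PAT-T-001", lambda f: f["crosses_boundary"] and not f["encrypted"],
     "unprotected flow crosses a trust boundary; data can be modified in transit"),
    ("Information Disclosure", "PAT-I-001", lambda f: f["crosses_boundary"] and not f["encrypted"],
     "unencrypted flow crosses a trust boundary; data is exposed in transit"),
]

def generate_threats(flows):
    """Deterministic pass: apply every rule to every flow, deduplicating
    on (rule, edge) so a flow listed twice yields one draft threat."""
    seen = {}
    for f in flows:
        for category, rule_id, matches, text in RULES:
            key = (rule_id, f["src"], f["dst"])
            if matches(f) and key not in seen:
                seen[key] = {"rule_id": rule_id, "category": category, "src": f["src"],
                             "dst": f["dst"], "text": text, "status": "draft"}
    return list(seen.values())

def to_sarif(threats, tool_name="stride-pattern-engine"):
    """Export draft threats as a SARIF 2.1.0 log; reviewStatus is a custom
    property so a downstream approval step can tell drafts from accepted threats."""
    rules = {t["rule_id"]: {"id": t["rule_id"], "name": t["category"]} for t in threats}
    results = [{"ruleId": t["rule_id"], "level": "warning",
                "message": {"text": f"{t['src']} -> {t['dst']}: {t['text']}"},
                "properties": {"reviewStatus": t["status"]}} for t in threats]
    return {"$schema": "https://json.schemastore.org/sarif-2.1.0.json", "version": "2.1.0",
            "runs": [{"tool": {"driver": {"name": tool_name, "rules": list(rules.values())}},
                      "results": results}]}

if __name__ == "__main__":
    print(json.dumps(to_sarif(generate_threats(FLOWS)), indent=2))
```

Only the browser-to-api edge fires here: the api-to-db flow is authenticated and encrypted, the api-to-cache flow stays inside one trust zone, and the duplicated browser-to-api entry collapses into the same three findings.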

About the Speaker

Astitva Verma is a Lead Security Engineer at OutSystems with over 6.5 years of experience across application security and penetration testing.

Originally from Lucknow, he completed his BCA at SASTRA University in Tamil Nadu while working full-time at HCL through the HCL TechBee program.

At OutSystems, he focuses on scalable AppSec, secure design, and enabling engineering teams to improve security earlier in the software lifecycle. He also leads his organization’s Security for AI and AI for Security program.